How do I make data uploaded by PHP safe during transmission?

views:

answers:

+1 Q:

How do I make data uploaded by PHP safe during transmission?

I'm allowing authenticated users to upload image files with my PHP application. Assume I've built in the necessary security to make sure the file itself is valid, is there a possibility of the http transmitted file to be intercepted in some way? If so, how can I protect the transmission of the file? Would HTTPS be the way to go?

Also, the web server the application resides on can only be accessed by authenticated users. Does this mean that the http stream of data is also protected? It would seem to me that it is.

+2 A:

If you use HTTPS, the whole communication after establishing the connection will be transfered encrypted over SSL. Thus the file uploads will be sent encrypted too.

Gumbo 2009-05-22 13:23:57

+1 A:

If there is Main in The Middle, he can sniff the contents of the transmitted file. You must use a secure connection in order to prevent this. So HTTPS would be the answer.

Maciej Łebkowski 2009-05-22 13:24:02

HTTPS is not immune to MITM attacks.

Roger 2010-08-14 21:11:39

+1 A:

Yes, use HTTPS if you want to ensure that the data can not intercepted.

rikh 2009-05-22 13:24:21

also, check if the uploaded file really is an image and not a script.

Schnalle 2009-05-22 13:31:44

ansaurus

tags:

views:

answers:

How do I make data uploaded by PHP safe during transmission?

related questions